It's baaack – WannaCry nasty soars through Boeing's computers

NSA-augmented ransomware hits snoops' home air industry

WannaCry, the Windows ransomware that took off last May around the world, has landed on some computers belonging to US aircraft and weaponry manufacturer Boeing.

“All hands on deck,” said Mike VanderWel, chief engineer at Boeing Commercial Airplane production engineering, in a memo seen earlier today by the Seattle Times. “It is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down. We are on a call with just about every VP in Boeing.”

VanderWel said he was concerned that equipment used to test airframes after they roll off the production line was hit by the file-scrambling nasty. He feared the malicious code, which demands a ransom to restore encrypted documents, could “spread to airplane software.”

That's unlikely to be the case, unless he meant possibly the in-flight entertainment systems, given the propagation methods used by the attack code. WannaCry exploits a Microsoft Windows SMB vulnerability using a cyber-weapon stolen from the NSA. Aircraft do not use Windows for critical systems.

The outbreak suggests that someone at Boeing was asleep at the switch when it comes to patching. WannaCry exploits software holes that were patched over a year ago and, after the first outbreak took down large chunks of Britain's National Health Service, people got busy installing patches and updating their networks.

Not so at Boeing, it seems. VanderWel referred to the reaction needed to counter the outbreak as “a battery-like response,” a reference to Boeing's problems with batteries overheating in the first models of its 787 Dreamliner.

"Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems," a spokesperson for Boeing told the Times. "Remediations were applied and this is not a production and delivery issue." ®

PS: Infosec veteran Jake Williams has more context on Boeing's WannaCry infection in this Twitter thread...

A few notes about the Boeing story:
1. Manufacturing networks are flat, really flat.
2. Manufacturers often lease devices, so they often don't control patching.
3. Even if they buy devices, the device may run embedded Windows and have no mechanism to patch the OS 1/n